SafeStorageBot
The bot is a secure password vault. You encrypt your password with your master password and store it in the bot. When you want to recall your password, you only need to enter your master password. The master password and passwords are not stored anywhere,
#password #secret #webapp #bookmark #storage
Start communication with SafeStorageBot bot in your Telegram, by clicking on the "Send Message" button.
The Telegram team announced the Saved Messages tab quite a while ago. Over time, my friends and I noticed that some of our passwords from services began to appear there as well, and “Saved Messages” is already being used as a password repository.
[Video](https://www.youtube.com/watch?v=VEZt9bAXH74)
It’s quite convenient, but there are some disadvantages:
1. Passwords are not encrypted.
2. It is hard to search without tags, because there is other information
3. It’s inconvenient to associate the service with the password
4. You have to select when copying (which is not always convenient when there are special characters)
Solve this problem securely for passwords with a bot, before the release of Telegram WebApp was impossible with one bot(you can encrypt separately and send the result):
1. No client side(code that can be verified)
2. Send unencrypted passwords to server is unsafe
With the advantage of WebApp this can be done (the main thing is to think up and remember the master-password):
1. Encrypt the password with a master password using Javascript (crypto API/crypto-JS) on the client side
2. Send the encrypted password to the server (there we encrypt the password a couple more times to secure the database)
3. When we need a password, we request it and decrypt it using the master password on the client side
That’s how this bot came about.
How it works:
- You add a password with the title
- You enter the master password for encryption
- Send title + encrypted password to the server (master-password is never sent)
- On the server, encrypt the password a second time with the server master-password
- The entry is saved in the database
- ……
- You request the password
- The entry is retrieved from the database and decrypted with the server master-password
- Sent to the client side
- You enter your master password and decrypt on the client side using javascript
- You see the decrypted password and can copy it
The client part of the application is posted in the repository:
https://github.com/SafeStorageBot/frontend_bot
With the command ‘/version’ you can always see the commit number of the client part of the application and see the code.
Encryption module: https://github.com/SafeStorageBot/frontend_bot/blob/master/src/app/utils/crypto.ts
I have long thought about monetisation and after consulting with friends I settled on the option 3 passwords can always be stored, and for a donation of 3 euros a month you can store any number
Thank you for your attention!
Do you like this bot? login or click @dailychannelsbot to rate this bot via Telegram
